Monday, January 17, 2011

Top Ten Web Hacking Techniques of 2010 (Official)

Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we're talking about actual new and creative methods of Web-based attack. Now it its fifth year the Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes researchers who contribute excellent work.

Since inception of the Top Ten Web Hacking Techniques list, the diversity, volume, and innovation of security research has always been impressive. 2010 produced 69 new attack techniques! This years point-position voting system worked well and the results showed exceptionally strong competition throughout all the entries. In fact, only two entries did not gain any points.

Today the polls are close, votes are in, and the official Top Ten Web Hacking Techniques of 2010 has been finalized! For any researcher simple the act of creating something unique enough to appear on the complete list is itself an achievement. To make it on to the top ten though, is well, another matter entirely. These researchers receive special praise amongst their peers who selected them and take their place amongst those highlighted in previous years (2006, 2007, 2008, 2009).

At IT-Defense 2011 (Feb.) it will be my great honor to introduce each of the top ten during my “Top Ten Web Hacking Techniques of the Year (2011)” presentations. Each technique will be described in technical detail for how they function, what they can do, to whom, and how best to defend against them. The audience will get an opportunity to better understand the newest Web-based attacks believed most likely to be used against us in the future.

Check out my essays on security. It’s a different perspective. Titles:"Internet Voting: The Great Security Scare." Also, "The Reasonable Person Standard and the Critique of Leading Figures in the Making of Public Policy: The Case of Internet Voting." Finally, "Scary Stories Fail to Stop Internet Voting" updates the story. They are at,http://ssrn.com/author=1053589

Jeremiah, I think it is betetr to have a link for submission of 2011 from now; and whenever we find something by creating/finding the new techniques, we can add it to the list. It will increase chance of having all the materials. Moreover I think, it encourages the people to participate and create the new techniques or publish them for free!

About Me

Jeremiah Grossman's career spans nearly 20 years and has lived a literal lifetime in computer security to become one of the industry's biggest names. He has received a number of industry awards, been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for his security research. Jeremiah has written hundreds of articles and white papers. As an industry veteran, he has been featured in hundreds of media outlets around the world. Jeremiah has been a guest speaker on six continents at hundreds of events including many top universities. All of this was after Jeremiah served as an information security officer at Yahoo!